Start with the basics:
- Harden SSH by only allowing public key authentication and use strong keys to authenticate instead of passwords.
- Setup fail2ban (lots of online resources, check Linode guides) to block malicious IPs temporarily.
- If the data you store is something only you should see, then it should not ever be connected to the internet, airgap wherever possible.
- And finally, keep your shit updated.
On Android try NewPipe, but dont expect algorithm recommendations, just the main trending pages. Same for iOS use “unwatched”